VRChat added VRCA (?maybe VRCW too) protection
-
Just saw this site on the same guy, can anyone confirm if it works? I don't know where to get the key
https://uabd.eeacks.cc/ -
assetUrl https://api.vrchat.cloud/api/1/file//2/variant/security example of what i mean vrcx is reading from
or its making an api call to find this data just and idea maybe someone with some idea can code to do this idk
{
"id": "...",
"name": "...",
"assetUrl": "...",
"unityVersion": "...",
"version": 3,
"assetVersion": {
"platform": "standalonewindows",
"assetUrl": "...",
"unityVersion": "...",
"unityPackages": [ ... ],
"plugin": {
"pluginVersion": "2020.4.XXf1",
"platform": "standalonewindows",
"encrypted": true,
"encryptionKey": "=" <--
}
}
}
so idk this just idea info -
assetUrl https://api.vrchat.cloud/api/1/file//2/variant/security example of what i mean vrcx is reading from
or its making an api call to find this data just and idea maybe someone with some idea can code to do this idk
{
"id": "...",
"name": "...",
"assetUrl": "...",
"unityVersion": "...",
"version": 3,
"assetVersion": {
"platform": "standalonewindows",
"assetUrl": "...",
"unityVersion": "...",
"unityPackages": [ ... ],
"plugin": {
"pluginVersion": "2020.4.XXf1",
"platform": "standalonewindows",
"encrypted": true,
"encryptionKey": "=" <--
}
}
}
so idk this just idea info@crystaldustie Yea unfortunately the specific TCP stream that handles the avatar download and exchange is encrypted with TLS 1.2 Meaning we would need THOSE keys too lol. I am pretty sure it uses the PhotonEncryptorPlugin.dll for the TLS encryption because it makes a bunch of calls to bcrypt.dll for key generations, HTTPS encryption and such.
But what exactly encrypts the model is likely in the GameAssembly.dll this one has stuff for AesManaged encryption/decryption and such.
-
Adding this in a second comment but just an observation. When you start up VRChat.exe and you try to load the Public avatars it still fetches them online. It still creates a __data file in your cache folder, yet the unencrypt vrca's for them are in C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars
This has been there before the encryption update. I thought they were there cause the game devs just wanted people to have models that they can use when theyre testing out stuff in the game running it directly from the exe.
Yet it still makes server requests to download them and encrypt them when theyre unencrypted and just sitting their on your PC? The game also does not use PhotonEncryptorPlugin.dll running from the exe, looking at procmon, but only calls GameAssembly.dll
Just kinda weird idk, why download the files from a server if theyre already on your PC? Why still encrypt them?
-
Okay third and final comment, this is my proposal of whats going on based on what ive observed:
GameAssembly.dll is used for model encryption locally on your machine. PhotonEncryptoPlugin.dll in conjuction with bcrypt.dll is used for TLS stream encryption and generating "public use" keys for people getting an avatar thats not theirs (wearing an avatar is what i mean).
This lines up with their new market announcement which sells the ability to use the model. It generates a key that is determined likely by the usr_id and some padding.
Basically: Are you avatar uploader? You get a more special key. Are you not? You get a public use key.
You get approval for it to load on PC, game decrypts and encrypts with functions in the GameAssembly.dll
Just my hunch from my observations, keys are likely associated with user_id. Thanks for coming to my TedTalk
-
Love how VRChat only started to give a shit about ripping when them getting money was involved
DM me if any of my links go down or if there's an update you need.
-
Love how VRChat only started to give a shit about ripping when them getting money was involved
-
Love how VRChat only started to give a shit about ripping when them getting money was involved
@DeepDishBussy only for most creators to hate the marketplace because vrchat takes 50%
-
@DeepDishBussy They cared about it before that...lol
-
isnt it possible to rip mesh and texture data directly from gpu?
-
isnt it possible to rip mesh and texture data directly from gpu?
@Metafalica Technically, if youre thinking of a ripper tool like NinjaRipper for example, youd have to still inject it to the game, so bypass anti cheat (linux method does work). Then even if you do rip like that you are just left with like raw mesh and textures.
You would have to assemble the meshes and rig them. stuff like toggles, animations, bones, rigs, and more would not be ripped.
Asset Ripper would essentially extract the data from the __data file (or .vrca/.vrcw files) and output all the contents in a UnityProject format with toggles, animation, prefabs, shaders, etc.
-
@Visaeres Not really, they only added cache encryption shortly before they added the marketplace.
-
@DeepDishBussy Yeah no. And you can be mad all you want, They cared before they did the encryption bs. Kinda the reason all of you guys are running around like headless chickens lol
@Visaeres I never said I was mad?? I see where you are coming from abt them caring but many people feel they did not care enough since this was added shortly before the marketplace was introduced. it feels like they only care for the paycheck with the timing.
-
Love how VRChat only started to give a shit about ripping when them getting money was involved
@DeepDishBussy It's all started in 2022, not just now. When they rolled out EAC many people concerned that some kind of marketplace inside VRChat is now imminent. Now we have it, along with other useless payed shit. RipperStore shutdown without any excuse year later after implementation of EAC is also kinda suspicious, guys prob got paid for it.
-
@DeepDishBussy It's all started in 2022, not just now. When they rolled out EAC many people concerned that some kind of marketplace inside VRChat is now imminent. Now we have it, along with other useless payed shit. RipperStore shutdown without any excuse year later after implementation of EAC is also kinda suspicious, guys prob got paid for it.
-
@CodeAngel I wish i could browse old database, not this
-
@DeepDishBussy It's all started in 2022, not just now. When they rolled out EAC many people concerned that some kind of marketplace inside VRChat is now imminent. Now we have it, along with other useless payed shit. RipperStore shutdown without any excuse year later after implementation of EAC is also kinda suspicious, guys prob got paid for it.
@sas909 Ripperstore was shut down in the fall of 2023, the reason for it was lack of motivation to maintain the site and how expensive it was to keep up. CodeAngel was not paid to remove it, VRChat wouldnt nicely pay for that nor would codeangel care lol
-
@sas909 Ripperstore was shut down in the fall of 2023, the reason for it was lack of motivation to maintain the site and how expensive it was to keep up. CodeAngel was not paid to remove it, VRChat wouldnt nicely pay for that nor would codeangel care lol
@DeepDishBussy I was always confused about this bit of history. I remember lots of people talking about Ripperstore being shut down, way back when but what is this site we're on rn? A revival? Some side site? since it says forum
What differentiates it from Ripperstore in the past
